Seabone BGP Policy for Customers


Customers can find below our policy for propagation of BGP announcements over our network.

Filtering

All customers must be filtered by prefix, using the automated tool that queries the IRR databases. Sparkle is implementing Resource Public Key Infrastructure (RPKI) validation, filtering invalid routes as a proactive step to mitigate the risk of BGP route leaks and hijacking.

Automated Prefix Filtering

Customers are required to maintain their IRR objects (as-set or route-set) in one of the well-known routing databases. By default, our tool queries the databases at RIPE, RADB, LACNIC, APNIC, ARIN and AFRINIC, in this order. Other databases are possible, so long as they are currently mirrored by RADB.

The customer's as-set must contain a reference to the customer's ASN and to all of the indirect customers behind it. Make sure not to include peers and transits in your as-set. Please also ask your customers to keep their objects up to date and clean.

Please note that the tool works by looking at all route objects whose origin field matches the AS numbers listed in the as-set. This means that the owner of the IP address block must correctly register a route object in an IRR database. The as-set alone is not enough.

The tool that updates the prefix lists runs Mon-Fri at 06:00 CET/CEST.

Accepted prefix length

IPv4

We filter all announcements longer than /24 (i.e. a /25 or /26 is not accepted).

IPv6

We don't allow fragmentation of IPv6 space. Routes are accepted only as an exact match against the route6 objects registered in the IRR.

Prefix lists

We recommend that you maintain an Internet Routing Registry (IRR) object (as-set or route-set) in one of the well-known registries (RIPE, RADB, LACNIC, etc.) so that all partners that use automated filters can properly build a list of prefixes.

The standard query covers the RIPE, RADB, APNIC, AFRINIC, ARIN and SCW databases.

NOTE: if your prefixes are registered in another database, please ask during the service activation phase to have that database added to our filtering tool.

Other BGP parameters

The following items are configured by default for all customers.

Maximum Prefix

We apply a maximum prefix limit to all customers, usually set to double the number of prefixes received at activation time. Please contact our Customer Care in advance to notify us when you are about to add a large customer that could raise your total number of prefixes significantly, so that we can raise the maximum prefix beforehand and avoid a service interruption.

Remote-triggered blackholing

If you are experiencing a Denial of Service (DoS) attack against one or more of your IP addresses, you can send us a route labelled with the community 6762:666, and we will immediately null-route that address. Warning: this means that this IP address will be TOTALLY unreachable! If you need to block only a certain type of traffic (e.g. UDP traffic), you will need to call our Customer Care in order to have temporary traffic filtering applied.
This feature is supported only for blackholing single hosts (/32).

Abuse of these features may lead to termination of service and legal action to recover any damage.
This feature is currently available on IPv6 as well, for single hosts (/128).
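
The acceptance rules stated above (IRR-derived prefix list, the IPv4 /24 limit, IPv6 exact match, single-host blackholing with 6762:666, and the maximum-prefix value) can be checked against your own announcements before you send them. The following is an added example, not Sparkle's filtering tool; the function names and the sample data are hypothetical. It assumes that IPv4 more-specifics of a registered route object are accepted up to /24 and that a blackholed host must lie inside the registered address space, neither of which the policy states explicitly.

```python
import ipaddress

BLACKHOLE = "6762:666"  # RTBH community stated in the policy
MAX_V4_LEN = 24         # IPv4 announcements longer than /24 are filtered

def max_prefix_limit(prefixes_at_activation):
    """Usual limit: double the number of prefixes received at activation."""
    return 2 * prefixes_at_activation

def check_announcement(prefix, communities, irr_prefixes):
    """Return (accepted, reason) for one customer announcement.

    irr_prefixes: prefixes of the route/route6 objects whose origin is an AS
    in the customer's as-set, i.e. the list the filtering tool would build.
    """
    net = ipaddress.ip_network(prefix)
    registered = [ipaddress.ip_network(p) for p in irr_prefixes]
    same_family = [r for r in registered if r.version == net.version]
    covered = any(net.subnet_of(r) for r in same_family)

    if BLACKHOLE in communities:
        # Blackholing is supported for single hosts only: /32 or /128.
        if net.prefixlen != net.max_prefixlen:
            return False, "blackhole route is not a single host"
        # Assumption: the host must lie inside the registered address space.
        if not covered:
            return False, "blackhole host outside registered space"
        return True, "null-routed"
    if net.version == 6:
        # IPv6: exact match against a registered route6 object, no fragments.
        if net in same_family:
            return True, "exact route6 match"
        return False, "no exact route6 match"
    if net.prefixlen > MAX_V4_LEN:
        return False, "IPv4 prefix longer than /24"
    # Assumption: IPv4 more-specifics of a registered route are allowed.
    if not covered:
        return False, "no covering route object"
    return True, "covered by route object"

# Constructed sample data (reserved benchmarking/documentation ranges).
IRR = ["198.18.0.0/16", "2001:db8::/32"]
if __name__ == "__main__":
    for pfx, comms in [("198.18.4.0/24", []), ("198.18.4.0/25", []),
                       ("2001:db8:1::/48", []), ("198.18.4.7/32", [BLACKHOLE])]:
        print(pfx, comms, check_announcement(pfx, comms, IRR))
```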

Communities

We accept only the communities listed on the BGP community page and the no-export community; all other communities received will be removed.